Over the past few years, the name Voksi has become synonymous with game cracking, in particular when it comes to anti-Denuvo activities. This week the talented Bulgarian released a 90-minute video in which he reveals how he cracked V4 of the infamous anti-tamper technology. TorrentFreak caught up with him for the lowdown.

Related Stories

The developers at Denuvo have been in the news thanks to cracks against their notoriously tough digital rights management (DRM) tools, which are normally used to lock down video games from leaking online. On Sunday, the company faced a different kind of crack—not against a high-profile video game, however, but of its depository of private web-form messages. A significant number of these appear to come from game makers, with many requesting information about applying Denuvo's DRM to upcoming games.

The first proof of this leak appears to come from imageboard site 4chan, where an anonymous user posted a link to a log file hosted at the denuvo.com domain. This 11MB file (still online as of press time) apparently contains messages submitted via Denuvo's public contact form dating back to April 25, 2014. In fact, much of Denuvo's web database content appears to be entirely unsecured, with root directories for "fileadmin" and "logs" sitting in the open right now.

Combing the log file brings up countless spam messages, along with complaints, confused "why won't this game work" queries from apparent pirates, and even threats (an example: "for what you did to arkham knight I will find you and I will kill you and all of your loved ones, this I promise you CEO of this SHIT drm"). But since Denuvo's contact page does not contain a link to a private e-mail address—only a contact form and a phone number to the company's Austrian headquarters—the form appears to also have been used by many game developers and publishers.

The log, as hosted at Denuvo.com, contains queries with legitimate reply addresses at current game studios. Those include a requests from the following: 343 Industries, about applying Denuvo to upcoming Halo Wars games on PC; Microsoft, in a 2015 message describing Denuvo as something that would fit with "an upcoming initiative"; TaleWorlds, about adding DRM to the sequel to its Mount & Blade franchise; Harmonix Games, about scheduling an in-person meeting at this March's Game Developers Conference to talk DRM; Capcom, with multiple requests—one of which is described as a Windows 10 UWP release for 2016 (which could mean this past December's Dead Rising 4, which indeed shipped on UWP with Denuvo DRM); Ninja Theory, who sent a query about DRM for its upcoming adventure game Hellblade: Senua's Sacrifice; and many more.

Ah, Denuvo; the anti-tamper tech that a lot of gamers hate. And while some people may claim that this attitude comes from the fact that the games powered by it are hard to crack, the latest triple-A game powered by it, PREY, has already been cracked.

While it did not break the record for the fastest Denuvo-powered game cracked, it’s a real surprise that the latest, and more powerful, version of the Denuvo is unable to protect these games for more than ten days.

For what it’s worth, Resident Evil VII remains the fastest cracked Denuvo-powered game as it was cracked in just five days, while Mass Effect: Andromeda is close to PREY as it was cracked in ten – more or less – days.

Game studios that use digital rights management (DRM) tools tend to defend it to the death, even after it's been cracked. It prevents 'casual' piracy and cheating, they sometimes argue. However, Rime developer Tequila Works is taking a decidedly different approach. It claims that it'll remove Denuvo, the anti-tampering/DRM system on the Windows version of Rime, if someone cracks its island puzzle title. This is an odd promise to make, especially since it amounts to an inadvertent dare -- find a way to break in and the developers will eliminate the need for that crack.

This wouldn't be so unusual a statement if there weren't a history of Denuvo cracks. While it's harder to defeat this code than earlier schemes, it's definitely not impossible. Recent games like Resident Evil 7 and Prey had their Denuvo implementations broken within days of release, while developers have patched it out on titles like Doom and Inside. Tequila Works is aware that cracking is likely more a question of "when" than "if," but it appears to be optimistic about the challenge involved.

The new Denuvo system 'protecting' the game 'RiME' has been defeated in less than a week. This is notable, not least since the developers promised to remove Denuvo if it was cracked. Furthermore, a report from the cracker suggests that an apparently desperate Denuvo pulled out all the stops to protect RiME, but still failed.

[...] In a fanfare of celebrations, rising cracking star Baldman announced that he had defeated the latest v4+ iteration of Denuvo and dumped a cracked copy of RiME online. While encouraging people to buy what he describes as a "super nice" game, Baldman was less complimentary about Denuvo.

Labeling the anti-tamper technology a "huge abomination," the cracker said that Denuvo's creators had really upped their efforts this time out. People like Baldman who work on Denuvo talk of the protection calling on code 'triggers.' For RiME, things were reportedly amped up to 11.

In what could be a severe case of irony overload, anti-piracy company Denuvo is being accused of using unlicensed software to protect its infamous anti-piracy tool. A developer of VMProtect, software which itself protects against reverse engineering and cracking, says that Denuvo has been using the product without obtaining the necessary permission.

[...] According to a post on Russian forum RSDN, Denuvo is accused of engaging in a little piracy of its own. The information comes from a user called drVanо, who is a developer at VMProtect Software, a company whose tools protect against reverse engineering and cracking.

[...] drVano says that around three years ago, VMProtect Software and Denuvo entered into correspondence about the possibility of Denuvo using VMProtect in their system. VMProtect says they were absolutely clear that would not be possible under a standard $500 license, since the cost to Denuvo of producing something similar for themselves would be several hundred thousand dollars.

However, with no proper deal set up, drVano says that Denuvo went ahead anyway, purchasing a cheap license for VMProtect and going on to “mow loot” (a Russian term for making bank) with their successful Denuvo software.

There has been a fair amount of interest or news regard the Denuvo DRM/Anti-tampering software during the last few weeks -- from how hard it is to crack, the performance impact on the games protected by it and how they apparently are trying to use other peoples software on the cheap. Released a day or so ago a new way to circumvent the protection.

The latest "crack" is apparently that of Dishonored 2, which was released in the stores (or on steam) in November '16. The difference to the previous workarounds is that this time it apparently includes a keygenerator. So files remain intact and instead it validates the game as real and proper. That is one way to work around the issue of never having to remove any protection. That might still leave it with the second complaint and problem with Denuvo tho and that is that with this way it will retain all the performance issues the games appear to have while the protection is alive and active.

STEAMPUNKS are proud to bring you the first release including a real Denuvo license generator with untouched game executable. Your license will be regenerated if needed (hw change, os updates) Enjoy The Power We just gave you.

(in)security by obscurity?(Score: 2) by Mykl on Monday February 12 2018, @11:45PM

I'm a little surprised that a cracker would want to publicly talk about exactly how they cracked Denuvo. Surely that would provide the vendors with an opportunity to address the holes and come back with a stronger product?

I guess the opportunity to gloat is just too irresistible to a cracker (who, let's face it, is not in this for the money).